PAID AUDIT

V2X PKI Post-Quantum Readiness Audit

A hands-on audit of your V2X PKI infrastructure conducted by our engineering team. Available in Basic and Advanced tiers, scoped to your fleet size and migration timeline. Output is a prescriptive migration plan ready to act on.

WHO IT IS FOR

OEMs, Tier 1 suppliers, fleet operators, and the regulators that approve them.

Two reader profiles for this page. First, an engineering leader who has already run the free assessment and now wants a structured engagement on the depth-signal dimensions. Second, an engineering leader who knows the migration cannot wait, has the budget, and wants to move directly to a hands-on audit without the questionnaire pass.

Either path is fine. The free assessment is useful even when you go straight to the audit, because it gives Digital North a structured initial picture of your posture before our engineers arrive.

WHY THE AUDIT

What the audit does that the free assessment cannot.

Conducted, not surveyed.

The free assessment is what you do to yourself. The audit is what we do for you. Digital North engineers spend time with your systems and your people; the output reflects what we actually saw, not what a questionnaire indicated.

Prescriptive, not advisory.

The output is a migration plan with sequenced next steps, vendor conversations to start, and evidence templates to use. It is what someone running your migration would want to act on Monday morning.

Grounded in real engagements.

Findings reference patterns we have seen across V2X PKI work with OEMs, Tier 1 suppliers, fleet operators, and the regulators who approve them. Anonymised; never specific to any other engagement.

WHAT IT COVERS

Six dimensions in detail. Ten in the Advanced tier.

1. Algorithm and crypto-agility posture

Documented inventory of every signing algorithm in production, the abstraction layer's coverage gaps if any, and the agility headroom your current PKI carries into the migration.

2. HSM portfolio readiness

Per-vendor agility status, firmware-update versus hardware-replacement path, certification posture, and PQC firmware roadmap commitments from each vendor.

3. Certificate lifecycle and CBOM

Cryptographic Bill of Materials in the format your regulators expect, revocation-mechanism choice review under hybrid certificates, and the lifecycle-management implications of the chosen migration approach.

4. OTA bandwidth and R156 SUMS

Per-vehicle bandwidth-pressure modelling under hybrid certificates against your real fleet profile, cellular-cost projections, and OTA pipeline separation review aligned to UNECE R156 SUMS evidence requirements.

5. VSOC and PSIRT maturity

Detection rule coverage tuned for V2X message patterns, VSOC-PSIRT handoff exercise against a PQC-themed scenario, and information-sharing playbook gaps.

6. Cross-border and ISO 21434 maturity

Per-jurisdiction regulatory exposure mapping, TARA refresh with PQC threats included, and type-approval evidence pipeline review aligned to current ISO/SAE 21434 maturity expectations.

The Advanced tier covers four further dimensions: lawful access and PSIRT-LEA interface readiness, internal capability and migration timeline plausibility, supply chain and vendor PQC posture, threat intelligence and PQC threat management.

TIERS

Two tiers, sized to your fleet and migration timeline.

Basic

The Basic audit

For OEMs and Tier 1 suppliers who want a structured engagement on the depth-signal dimensions without committing to a multi-month review. Useful before a migration steering committee or as the pre-cycle for the Advanced audit.

  • Two-week engagement
  • Up to five Digital North engineer-days
  • Six dimension reviews drawn from the ten in the framework, scoped to your top concerns
  • Documentation review plus targeted interviews with up to six of your engineers
  • Final report: per-dimension findings, migration plan outline, sequenced next steps
Get in touch about the Basic audit
Advanced

The Advanced audit

For OEMs, Tier 1 suppliers, and fleet operators who are actively planning the migration and need a comprehensive engagement against their real systems. The output is the artefact someone running your migration would want to act on directly.

  • Six-to-twelve-week engagement
  • Twenty-to-forty Digital North engineer-days, scaled to fleet size and migration complexity
  • All ten dimension reviews in depth
  • Hands-on access to your PKI infrastructure, HSM portfolio, OTA pipeline, and VSOC tooling under agreed access controls
  • Vendor conversations Digital North can support directly on your behalf if requested
  • Final report: per-dimension findings with evidence, full migration plan with timeline, cost projections, vendor-specific recommendations, type-approval evidence package outline
Get in touch about the Advanced audit

Pricing is a commercial conversation. We scope each engagement to your fleet size, migration timeline, and the depth of access you can grant. Get in touch and we will send a sized proposal within five business days.

AUDIT FAQ

Questions about the audit

What is the difference between the Basic and Advanced audit tiers?

The Basic audit covers six dimensions in detail and is for OEMs and Tier 1 suppliers who want a structured engagement on the depth-signal dimensions without committing to a multi-month review. It is useful before a migration steering committee or as the pre-cycle for the Advanced audit. The Advanced audit covers ten dimensions: the same six plus lawful access and PSIRT-LEA interface readiness, internal capability and migration timeline plausibility, supply chain and vendor PQC posture, and threat intelligence and PQC threat management. It is for teams actively planning the migration against their real systems.

What do I receive at the end of the audit?

The output is a prescriptive migration plan grounded in Digital North's engagement experience: sequenced next steps, vendor conversations to start, and evidence templates to use. It is the artefact someone running your migration would want to act on directly, rather than a generic report.

How much does the V2X PKI post-quantum readiness audit cost?

Pricing is a commercial conversation. Each engagement is scoped to your fleet size, migration timeline, and the depth of access you can grant. Get in touch and Digital North sends a sized proposal within five business days.

Do I need to run the free assessment before booking the audit?

No, but it helps. If you have not yet run the free V2X PKI readiness assessment, doing that first gives you a clear initial picture and gives Digital North a structured starting point before the engineers arrive. If the migration cannot wait and you have the budget, you can move directly to the audit.

Not sure where to start?

If you have not yet run the free assessment, do that first. It gives you a clear initial picture and gives us a structured starting point if you decide to engage. If you have already run the assessment and want to discuss the next step, get in touch directly.